After doing some more debugging using nc and openssl s_client it appears
that postfix first expects the PROXY line and then the ssl CLIENT_HELLO.
So passing through the client TCP connection would be the correct
configuration, I believe.
So if I configure it like this:
frontend ft_smtps
    bind 0.0.0.0
    timeout client 1m
    log global
    option tcplog
    default_backend bk_postfix_smtps

backend bk_postfix_smtps
    option smtpchk HELO localhost
    log global
    option tcplog
    timeout server 1m
    timeout connect 5s
    server mailbackend mail:10464 send-proxy
And try to use openssl s_client to debug, this happens:
erlacher@vmrbg48:~$ openssl s_client -debug -connect haproxy1:465
CONNECTED(00000003)
The connection hangs there.
Adding "check" to the backend server line leads to L7TOUT.
So I have no idea how to make this work...
Best,
Luke
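
An added example, not part of the original message: a Python check that classifies the first bytes a backend receives, to confirm the ordering described above (PROXY line first, then the TLS ClientHello). Function names and sample bytes are constructed for illustration, and it parses PROXY protocol v1 only, the text form that `send-proxy` emits.

```python
import ipaddress

def parse_proxy_v1(data: bytes):
    """Split a leading PROXY v1 line off data; returns (fields or None, rest)."""
    if not data.startswith(b"PROXY "):
        return None, data
    end = data.find(b"\r\n", 0, 107)  # v1 line is at most 107 bytes incl. CRLF
    if end == -1:
        raise ValueError("PROXY prefix but no CRLF within 107 bytes")
    parts = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if parts[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    sport, dport = int(parts[4]), int(parts[5])
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": parts[1], "src": (str(src), sport), "dst": (str(dst), dport)}, rest

def is_tls_client_hello(data: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), major version 3, then msg type 1."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

def classify(stream: bytes) -> str:
    """Name the order of PROXY line and ClientHello at the start of a stream."""
    header, rest = parse_proxy_v1(stream)
    tls = is_tls_client_hello(rest)
    if header is not None:
        return "proxy-then-tls" if tls else "proxy-then-other"
    return "tls-without-proxy" if tls else "other"

# Constructed sample bytes (documentation addresses, truncated ClientHello).
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
PROXY_LINE = b"PROXY TCP4 192.0.2.10 192.0.2.20 51234 465\r\n"

if __name__ == "__main__":
    for name, s in [("PROXY line + ClientHello", PROXY_LINE + CLIENT_HELLO),
                    ("ClientHello only", CLIENT_HELLO),
                    ("PROXY line only", PROXY_LINE)]:
        print(f"{name:26} -> {classify(s)}")
```

Only "proxy-then-tls" matches the order the message says postfix expects on this port.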